If you discover a security vulnerability in this project, please report it to us by sending an email to [email protected] or by messaging me on discord jerrylum
(User ID: 298638092196249600). Please do not create public GitHub issues for security vulnerabilities.
We will acknowledge your report within 24 hours and provide an estimated timeline for a fix. We may also ask for additional information to help us reproduce and address the issue.
We only support the latest version of the project. We encourage all users to use the latest version of the project by using the web app at path.jerryio.com, as it contains the latest security fixes and improvements.
After identifying and addressing a security vulnerability, we will release security updates for this project and provide information about the security vulnerability and how to address it as soon as possible.
This project takes the following security measures to ensure the safety of its users:
- We use HTTPS to encrypt all traffic to and from the web app.
- We host the web app on GitHub Pages, which provides additional security features such as HTTPS by default and DDoS protection.
- We use input validation and sanitization to prevent common web application security vulnerabilities. Specifically, user input, including file content, is sanitized to prevent cross-site scripting (XSS) attacks by parsing malicious path files.
- We do not store path data in the web app or on the server. All user content is saved on the user's device and never leaves the user's device.
We believe in responsible disclosure of security vulnerabilities, and we encourage all security researchers to follow our responsible disclosure policy:
- Do not attempt to disrupt the normal operation of the application or server.
- Do not publicly disclose a vulnerability until we have had an opportunity to address it.
- Provide us with a reasonable amount of time to address the vulnerability before publicly disclosing it.
We appreciate the efforts of security researchers to improve the security of our project, and we will acknowledge their contributions in our release notes.
If you have any questions or concerns about this security policy, please contact us at [email protected].